Red Hat Product Errata RHSA-2024:8788 - Security Advisory
Issued:
2024-11-04
Updated:
2024-11-04

RHSA-2024:8788 - Security Advisory

Synopsis

Important: krb5 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for krb5 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

  • freeradius: forgery attack (CVE-2024-3596)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2263240 - CVE-2024-3596 freeradius: forgery attack
  • RHEL-55453 - libkrad: implement support for Message-Authenticator (CVE-2024-3596) [rhel-7]

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
krb5-1.15.1-55.el7_9.3.src.rpm SHA-256: 927d61531c4467956e50dc456f6e58834eeb6743e1da55f582d2834b27e66c6c
x86_64
krb5-debuginfo-1.15.1-55.el7_9.3.i686.rpm SHA-256: f0de829e1861cbb6916281b5aca87df11576cf8328b00bfae67afd276818d8f0
krb5-debuginfo-1.15.1-55.el7_9.3.x86_64.rpm SHA-256: 878af6ad385a6e1ad221743ef03537811df1d9eeb04a9d7ccea6e3c46b7a9da9
krb5-devel-1.15.1-55.el7_9.3.i686.rpm SHA-256: 6fd623d6ab0965ce620785f8ebd96820792dbc8093c3e3a269d17ae466cae8c9
krb5-devel-1.15.1-55.el7_9.3.x86_64.rpm SHA-256: db3805d6e333b7aeb4ff8ecd62aa7957e952a77495ce4b78bf657ca8a0fa0fc3
krb5-libs-1.15.1-55.el7_9.3.i686.rpm SHA-256: 31695e23ac8c7d8c2fe78dca181162b42ec1ca73782c5ef321dd1064433f70b9
krb5-libs-1.15.1-55.el7_9.3.x86_64.rpm SHA-256: 106908bdc3eb06591904e22485d0658dc416bc5cb8aa76bb5c73086a71a2ff12
krb5-pkinit-1.15.1-55.el7_9.3.x86_64.rpm SHA-256: af92b3bceb80f3e5d00f61048da393d1dc25055ddee120f780f00d7873fb27a9
krb5-server-1.15.1-55.el7_9.3.x86_64.rpm SHA-256: 8914da3cb2d3706341b7d17fb551421447153d0b0fe06008ea53f61bca2aa8d8
krb5-server-ldap-1.15.1-55.el7_9.3.x86_64.rpm SHA-256: 916e60692e790f60f8993e7d43175db818a60a5f04e8c7ea7dfca793b0b6ec0f
krb5-workstation-1.15.1-55.el7_9.3.x86_64.rpm SHA-256: e1a1d4668ff28f12ed32fdcfd9f3f8c1476b88f20102bd967c6faba8e73fbd0c
libkadm5-1.15.1-55.el7_9.3.i686.rpm SHA-256: f13096127408db13ba771d953648dad9661e04e61c7bf88a671b4a03150d6264
libkadm5-1.15.1-55.el7_9.3.x86_64.rpm SHA-256: 8985f9b736653a1f404454e11964fec6aefa21af07dd889120b5fd7abd9b95a8

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
krb5-1.15.1-55.el7_9.3.src.rpm SHA-256: 927d61531c4467956e50dc456f6e58834eeb6743e1da55f582d2834b27e66c6c
s390x
krb5-debuginfo-1.15.1-55.el7_9.3.s390.rpm SHA-256: 8938915c94438d5c10772716d56690e2461c748dff77fd408702e76a61ad7a2a
krb5-debuginfo-1.15.1-55.el7_9.3.s390x.rpm SHA-256: be803c72e25b3657493534127f6ebcb67161774bc6f925ca249d7122930dcf4f
krb5-devel-1.15.1-55.el7_9.3.s390.rpm SHA-256: d1335cb810747bb3a7ff99343f5b65b92759675c1c6c28d2f4ffaf822f5c17cd
krb5-devel-1.15.1-55.el7_9.3.s390x.rpm SHA-256: ede078d47155af3103c2e556cd9d789a2f2064d4c1d7788c88428a3a6cc4e7cc
krb5-libs-1.15.1-55.el7_9.3.s390.rpm SHA-256: 8c870861b07a978950b638025af45c2cda9fb57d0e29c25be0a8b5efd2e20204
krb5-libs-1.15.1-55.el7_9.3.s390x.rpm SHA-256: f5f9ed49bff7a934179439e4ee1df80e67a45139eda2199296ce350c9560bde6
krb5-pkinit-1.15.1-55.el7_9.3.s390x.rpm SHA-256: f3bc73db42b4033005a25baa84721db654bde231d32a45dff62ae83d2f2b0507
krb5-server-1.15.1-55.el7_9.3.s390x.rpm SHA-256: fd89d9a72fa027dc47ad45773e2866c7de16b76d452f6d885bacaf4fda8cf5e5
krb5-server-ldap-1.15.1-55.el7_9.3.s390x.rpm SHA-256: f855fe0c0c2621b210142964185d739a0e4877c264b89f9c4aa8bc2686a6dafb
krb5-workstation-1.15.1-55.el7_9.3.s390x.rpm SHA-256: 63840ceaaa819b66bd735e3c68bfbf9a9c8009533477a80eaf06e7f304b6420c
libkadm5-1.15.1-55.el7_9.3.s390.rpm SHA-256: 019933cdce46556cfabec36e67fc0b86319986df20a1bda02aa49ed6efd25443
libkadm5-1.15.1-55.el7_9.3.s390x.rpm SHA-256: a77e461ff072cffa0bb19b5a37c96ed60a8a358ace85e23105334a14f2ab1a9b

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
krb5-1.15.1-55.el7_9.3.src.rpm SHA-256: 927d61531c4467956e50dc456f6e58834eeb6743e1da55f582d2834b27e66c6c
ppc64
krb5-debuginfo-1.15.1-55.el7_9.3.ppc.rpm SHA-256: 5555c65dfac1d10269999ae42a82f5cc0fd8c1757dd6ed8bc6c077e4c8ac5a63
krb5-debuginfo-1.15.1-55.el7_9.3.ppc64.rpm SHA-256: fa10d5556eb31b5c4c149946337ffbecc0394ad88bc50c516f710fe5f1672132
krb5-devel-1.15.1-55.el7_9.3.ppc.rpm SHA-256: e6ef35495bcad7d3a5aa49ac65b3e4e778cd68ab70b2d0bcffe115defba186f8
krb5-devel-1.15.1-55.el7_9.3.ppc64.rpm SHA-256: 8a6d7e5b74a8fcf1cf8dfdc2abbfec5e6f2d64810a9a5f02b6e8184a6cfe376b
krb5-libs-1.15.1-55.el7_9.3.ppc.rpm SHA-256: c68cfe04b9576f10a39cfa891bb3b530afdb2b6f43352bc67fad2ce56da5b0eb
krb5-libs-1.15.1-55.el7_9.3.ppc64.rpm SHA-256: aa00c02ca0bc36670ee2e59e5bde7d4ea79d3e1dfc548456c2d095019b353ee8
krb5-pkinit-1.15.1-55.el7_9.3.ppc64.rpm SHA-256: eade6e88ac6ee1e9fd09525277f8284f4a1b40f042ad2abc3a3536c2ba05a933
krb5-server-1.15.1-55.el7_9.3.ppc64.rpm SHA-256: ecafc9547c87f8cc80618f3acec9aa49392ceee0df30a58c5a97670d6e7a3fb3
krb5-server-ldap-1.15.1-55.el7_9.3.ppc64.rpm SHA-256: 27c512c28005326f18c35e65dd03e46421c06731f6437a9f4a853f6a538bea3e
krb5-workstation-1.15.1-55.el7_9.3.ppc64.rpm SHA-256: 62f3e48f0710470e995c4a941977973fda006a63f73a7449e616cf9971da91b3
libkadm5-1.15.1-55.el7_9.3.ppc.rpm SHA-256: cd20bc4f8be6654053b923d24c5d551a6b06a622dc203d80216c29bd9b601ff0
libkadm5-1.15.1-55.el7_9.3.ppc64.rpm SHA-256: ec3365a6985937ef88063d1c539250becf5d58bfec06616f2dec65d66de0b76e

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
krb5-1.15.1-55.el7_9.3.src.rpm SHA-256: 927d61531c4467956e50dc456f6e58834eeb6743e1da55f582d2834b27e66c6c
ppc64le
krb5-debuginfo-1.15.1-55.el7_9.3.ppc64le.rpm SHA-256: 41ebc49a6041d3294626b34ad63758168c10ad6bb352564cf7d3c6a3876a4ace
krb5-devel-1.15.1-55.el7_9.3.ppc64le.rpm SHA-256: 9fc4eebe3e10a93ff5c4b4472a714aa85aa38149a4012d3fc9d5eefc9ca79b6b
krb5-libs-1.15.1-55.el7_9.3.ppc64le.rpm SHA-256: a83be97ca44c23c01c0c23dd4026a71ce584809f907c6be94d7afbd5bc7f2cff
krb5-pkinit-1.15.1-55.el7_9.3.ppc64le.rpm SHA-256: 417e7c4099a5211e7fd3fe9315bedbe6095c19284b331e59c386b70c03035fd3
krb5-server-1.15.1-55.el7_9.3.ppc64le.rpm SHA-256: ba1108a03fd784de73cf39a6dae758cf143c655fba472c5af869a2a6ba8daa94
krb5-server-ldap-1.15.1-55.el7_9.3.ppc64le.rpm SHA-256: c6dcde72fcfb5ee814f875db03ca2e3738736be085e5bc474708417aed0a1162
krb5-workstation-1.15.1-55.el7_9.3.ppc64le.rpm SHA-256: 8b83cfca1032caf80cea423fa88ed78f6eb28a066ad50472d50031382bb88d05
libkadm5-1.15.1-55.el7_9.3.ppc64le.rpm SHA-256: b9b1d080329d0997e23eddbdb26e81e356472e87ca73f96d6abc6eb8fddc01b2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.